| Package | tiff |
|---|---|
| Version | 4.0.8-2+deb9u15 (stretch), 4.1.0+git191117-2~deb10u12 (buster) |
| Related CVEs | CVE-2026-4775 |

Quang Luong discovered a heap overflow in the libtiff library, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
In addition, the stretch update also fixes a heap buffer overflow read.

For Debian 10 buster, these problems have been fixed in version 4.1.0+git191117-2~deb10u12.
For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u15.

We recommend that you upgrade your tiff packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.
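
To find hosts that still run a tiff version older than the fixed ones listed above, this added example (not part of the advisory or of Debian's tooling) reimplements dpkg's version ordering so it can run over an inventory export on any machine. The host names and the older installed versions in the sample are constructed; only the two fixed versions come from the advisory.

```python
import re

# Fixed versions of the tiff source package, taken from the advisory.
FIXED = {"stretch": "4.0.8-2+deb9u15", "buster": "4.1.0+git191117-2~deb10u12"}

def _order(c):
    """dpkg character weight: '~' sorts before everything, letters before other symbols."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string by alternating text and numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa = _order(a[i] if i < len(a) else "")
            ob = _order(b[j] if j < len(b) else "")
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        da = re.match(r"\d*", a[i:]).group()
        db = re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):  # numeric, so u8 < u15
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(version):
    """Split into (epoch, upstream, revision); missing epoch is 0, missing revision is empty."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 sorts before, equal to or after v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_upgrade(inventory):
    """Return hosts whose installed tiff version sorts before the fix for their release."""
    return [host for host, release, installed in inventory
            if release in FIXED and compare(installed, FIXED[release]) < 0]

# Constructed sample inventory: (host, release, installed tiff version).
SAMPLE = [("web01", "stretch", "4.0.8-2+deb9u8"), ("web02", "stretch", "4.0.8-2+deb9u15"),
          ("img01", "buster", "4.1.0+git191117-2~deb10u11"),
          ("img02", "buster", "4.1.0+git191117-2~deb10u12")]
```

On a Debian host itself, `dpkg --compare-versions` performs the same ordering. A plain string comparison would wrongly rank `deb9u8` above `deb9u15`.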